Find and replace custom attribute values in AD using PowerShell

So I have an interesting script I am trying to figure out; basically I need to change a custom attribute value to a new one. The problem is it's for both users and computers and not specific to the groups. So for instance the value might be Billing1 for several users in an OU and this needs to be Billing2. So I need to find any instance of the value of Billing1 and change it to Billing2 not knowing the user or computer object. I can successfully change one at a time if I know who the user is by using Set-ADUser, Set-ADComputer and even with Set-ADObject, but I need to figure out a find and replace function.
I have searched for this and I have found examples of where I can use CSV for users and computers but again I don't know who has what since the value in the attribute can vary and also changes if a reorg happens.

Got the correct script...
Get-ADComputer -Properties enterattributename -Filter {enterattributename -like "value to search"} | Set-ADComputer -Replace @{ enterattributename = "value to change" }
This can also be applied to Get-ADUser and Get-ADObject.
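As an added example (not part of the original answer), the one-liner generalized so users and computers are handled in one pass with Get-ADObject: the search value is escaped for the LDAP filter, -WhatIf is supported, and each change is emitted as a record. The function name Update-ADAttributeValue and the attribute name extensionAttribute1 are placeholders; Billing1 and Billing2 come from the question.

```powershell
#Requires -Modules ActiveDirectory

function Update-ADAttributeValue {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Attribute name goes into the LDAP filter, so restrict it to a safe pattern
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z][A-Za-z0-9-]*$')][string]$Attribute,
        [Parameter(Mandatory)][string]$OldValue,
        [Parameter(Mandatory)][string]$NewValue,
        [string]$SearchBase   # optional: limit the change to one OU
    )

    # Escape LDAP filter metacharacters (RFC 4515) so the old value is matched literally
    $escaped = [regex]::Replace($OldValue, '[\\*()\0]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })

    $query = @{
        LDAPFilter = "(&(|(objectClass=user)(objectClass=computer))($Attribute=$escaped))"
        Properties = $Attribute
    }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    foreach ($obj in Get-ADObject @query) {
        if ($PSCmdlet.ShouldProcess($obj.DistinguishedName, "Set $Attribute to '$NewValue'")) {
            Set-ADObject -Identity $obj -Replace @{ $Attribute = $NewValue }
            # One record per modified object, suitable for Export-Csv as a change log
            [pscustomobject]@{
                DistinguishedName = $obj.DistinguishedName
                ObjectClass       = $obj.ObjectClass
                Attribute         = $Attribute
                OldValue          = $obj.$Attribute
                NewValue          = $NewValue
            }
        }
    }
}

# Preview which objects would change; remove -WhatIf to apply
Update-ADAttributeValue -Attribute extensionAttribute1 -OldValue Billing1 -NewValue Billing2 -WhatIf
```

Piping the real run to Export-Csv keeps a record that can be used to review or reverse the bulk change.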

Related

Add AD user to group when creating the user?

I've seen multiple examples on adding a user to a group after creation, but not at the time of creation. Is that possible? Currently, I have something like this: (most attributes removed for simplicity)
$user = New-ADUser -Name "person" -Path "OU=test,OU=myorg" -Office "home" -samAccountName "snuffy.john" -PassThru
if ($user){
Add-ADGroupMember -Identity mygroup -Members $user.samAccountName
}
This causes two calls to the ldap server for each user added and I'm trying to prevent that as I have many thousands of users and the script takes a long time to run. I've checked MS docs but didn't see anything. If it's not possible, it is what it is. Thought I'd try asking at least. I also just started using powershell last week.
You may turn your thinking around. With thousands of users, I would do it like this.
First create all users.
Then get them by Get-ADUser -Filter * -SearchBase "OU=test,OU=myorg" (or maybe Filter the CreatedDate Attribute to get all new users)
After getting the users try to filter them for the groups you want to put them into and use the Add-ADGroupMember cmdlet, which accepts an array of ADPrincipals for parameter "-members".
This will speed up your code.

Get AD user by providing fullName and manager full name

It might look silly but I'm struggling with finding user with Powershell by providing his full name and his manager full name. Purpose of script is to get SamAccountName and Email Address by using mentioned values which are provided by other team (these are the only unique values I get - getting user by Full Name is not any kind of problem, but it's possible that it'll return multiple results, and that's why Manager Full Name would determine appropriate result).
First I was using simple command
Get-ADUser -server $gc -Filter { (CN -eq $uFullName) -and (extensionAttribute4 -eq $mFullName) }
It worked great, but unfortunately I noticed that not all accounts use extensionAttribute4 to hold manager full name. I thought of using Filter on manager property but when I tried to use (Manager -like "*value*") it returned that like operator isn't supported by this attribute.
I'm still trying to find solution for this but maybe someone will have some solution to this situation.
Thank you in advance.

Get description field for AD users in PS

I found this MS script to extract admin users from AD. It gets the roles with $AzureADRoles = @(Get-AzureADDirectoryRole -ErrorAction Stop), iterates over them, and gets the users using $RoleMembers = @(Get-AzureADDirectoryRoleMember -ObjectId $AzureADRole.ObjectId).
It works great, only I need to access the description field on these users. Unfortunately, the $RoleMembers don't have a description attribute, even though the $AzureADRoles do!
Is there some way I can get the description field for the users, perhaps with a similar command? I see some commands that would do the trick if I wanted to traverse group members, but I'm looking for something role-based.
Thanks!!!
I found the answer here. I just had to add $Admin = Get-ADUser -Identity $RoleMember.DisplayName -Properties Description before constructing $ObjectProperties in a try/catch block, then get the description from $Admin and grab everything else just like before.

Powershell to remove specific lists of groups from a user in a different domain

I am a beginner in PowerShell, so I have been tinkering around it to learn more about its uses. Currently I have a task that requires me to remove a list of chosen groups from a user.
The user is in a different domain, hence I have used LDAP.
I am able to find that user and bind it to an object using the command below:
[ADSI]$user = "LDAP://CN=xxx,OU=xxx,DC=xxx"
So I am able to display whatever information is required from $user, e.g. $user.sAMAccountName, $user.DisplayName; it works. Except for the user's groups...
I try the command to remove the groups listed in the user based on sAMAccountName; as all the users in that domain are identified easier by sAMAccountName, it doesn't work.
This command was used just to see if I can remove one group first, if $user can be found and read by the command; it doesn't work:
remove-adgroupmember "GroupName" $user.sAMAccountName
Or when I tried to display the groups instead to see if $user can be read, it also doesn't work:
Get-ADPrincipalGroupMembership [ADSI]$user = "LDAP://CN=xxx,OU=xxx,DC=xxx" |
select name
I have tried to search regarding this issue, but almost all the tips do not involve different domains or use LDAP for other domains; they use the primary domain instead, and I am not sure how to edit that part.
If anyone can advise me I would be very grateful, thank you =)

Powershell - Display value of an object's properties, where the property names are like '*quota*'

As per the subject, I'm trying to get the name of a property and the value associated with that property, for a specific mailbox.
So, the line below gets me a nice list of the available object properties, and a default column displayed in the output has the heading 'Name'
Get-Mailbox -Identity "Person Name" | gm
I then want to say something like:
For the object: "Mailbox of Person Name"
Where the property of "Mailbox of Person Name" has a name like 'quota'
List both the actual property name and its value for "Mailbox of Person Name"
I've tried a number of things using -ExpandProperty/Select-Object/Where-Object but they're all failing. I'm sure this is pretty basic, but Powershell is definitely not my strength. Can anyone show me how to structure this pipeline correctly?
You do not need to use Where-Object, only Select-Object:
Get-Mailbox -Identity "Person Name" | Select-Object -Property *quota*
You seem to have used the correct commandlets. Where-Object filters. Select-Object selects specific properties.
From my experience, sometimes what you see on the console doesn't match the actual property name because there is a formatter that can even change the column name. If you drive the Where-Object and Select-Object with that virtual property name then they do fail. Also sometimes, the output is not really a recordset that works well with these cmdlets.
My advice is to always check the type of an object when things go strange. Starting from $items=Get-Mailbox -Identity "Person Name".
Then $items.GetType() reveals the actual .NET type.
Then $items.Count reveals if it is actually an array or a single object.
Then $items|ForEach-Object {$_.GetType()} reveals the type of each object.
Also the $items|Get-Member is very helpful to figure out the property names. If necessary use it also within your loop.
That is how I troubleshoot strange behaviors and if you can post your findings and the code you tried with Where-Object and Select-Object that would be a great help.